Bandwidth Monitoring & Measurement (tools and services)

In this presentation

 Introduction  What are Network Monitoring Tools  Bandwidth Monitoring Techniques/Services  Setting up some monitoring Tools  Conclusion

Introduction:-

Why do we need to monitor and measure Bandwidth

 Cost of Bandwidth is expensive for developing countries  Bandwidth in developing countries is expensive. In a report for the Partnership for Higher Education in Africa, Mike Jensen calculates that Makerere University pays about $22,000/month for 1.5Mbps/768Kbps (in/out), Eduardo Mondlane pays $10,000/month for 1Mbps/384Kbps, while the University of Ghana pays $10,000/month for 1Mbps/512Kbps.

These figures indicate that African universities, outside of South Africa, are paying over $55,000/month for 4Mbps inbound and 2Mbps outbound. These figures are about 100 times more expensive than equivalent prices in North America or Europe.

Cont…

 To Know if the ISP is providing us with the required bandwidth paid for.

 To be able to optimize the available bandwidth – 59% of institutions do not monitor or manage bandwidth at all ( Belcher, 2005) – For details See the ATICS Report: www.atics.info

Ways to improve network performance

 Upgrade infrastructure, to install faster, larger, and higher performing systems, lines and facilities.

 Look for cheaper provider and Increase/upgrade your bandwidth.

 Alternative approach – is to recognize that ‘bandwidth’ is a valuable institutional resource or asset that needs to be managed, conserved, and shared as effectively as possible.

How do we measure Bandwidth?

 Network Monitoring Tool

What are Network Monitoring Tools?

 Allows the administrator to know the health status of the network.

 It provides information about collected data and the analysis of such raw data with a view to using scarce or limited resources effectively.

 Uses network probe. Probes let you isolate traffic problems and congestions slowing your network to a crawl.

What can we use the tools for?

 Identifying unofficial services or servers  Monitoring usage and traffic statistics  Troubleshooting your network  Investigating a security incident  Keeping logs of users activities for accountability

Who? What? Where? How? When?

     Who is accessing your network?

– students, academics, staff, visitors or others What are they accessing your network for?

– academic study, social use, business use, illegal use Where are they accessing your network from?

– internal, external How are they accessing your network?

– remote user, local Ethernet, WAN, dial-up, Wi-Fi, VPN When did they access your network?

– today, yesterday, last week, last month…

Network Monitoring Techniques

 Fraleigh et al, (2001) describe two techniques for network measurement.

 Active Measurement  Passive Measurement

Active vs. Passive

 Active – relies upon data gathered from probe packets injected into the network.

 Passive – relies upon data gathered from active network traffic.

Active and Passive Tools

Network Monitoring Tools

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html#ping

Passive Network Monitoring Tools

 Multi-Router Traffic Grapher Is a tool for monitoring traffic loads on a network link. MRTG generates HTML pages that provide a live, visual representation of the network traffic.

It can be used to monitor any SNMP MIB.

Limitations – – It cannot provide information that shows which host or application may be causing a traffic bottleneck.

MRTG does not provide information about traffic type or protocol statistics

MRTG Example

MRTG Example

Cont…

 Etherfind – – – – The software opens the network card in the promiscuous mode and writes a summary line of each packet to a file.

Information include protocol type, size, source and destination addresses. The tool extract information from each packet. The data is presented as a text-based user interface Only users with root permission can access the tool.

CONT……

 NFS watch – It monitors all incoming network traffic destined to NFS file servers, and divides it into several categories. The number and percentages of packets received is displayed on the screen – This tool was originally designed to monitor a single host

CONT…

 TCPdump – Uses the packet capture library (libpcap).

– Prints the headers of packet on a network interface, user analyses network status using this header manually – Has many option for capturing raw data, but it does not provide any analysis capability for the captured data.

CONT…..

 Argus - It is a generic auditing tool.

- It runs as an application level daemon, promiscuously reading network packets from a specified interface - it generate network traffic audit records for the network activity.

- it extract info from each packet in promiscuous mode, save the info to a file and later analyzes the file - It shows information about protocols, but does not show source or destination host information, it only provides a text based user interface.

CONT…

 Etherload – It is a freely LAN traffic analyzer for MS-DOS with an Ethernet or Token Ring controller – – – It basically captures each packet running through a LAN and provides various information on the packet.

It can be used to check which host is generating the most traffic, which host is sending to which host, and what kind of protocols are in use in a specific Ethernet segment Since it is DOS based it provides character-based user interface for displaying traffic information

CONT…..

 IPTraf – IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte count – – – – – – – – – – –

Protocols Recognized

IP TCP UDP ICMP IGMP IGP IGRP OSPF ARP RARP

CONT……

 NTOP – ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well. – ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.

CONT…

 PRTG – PRTG Traffic Grapher is an easy to use Windows software that monitors bandwidth usage and other network parameters via SNMP. – PRTG Traffic Grapher monitors network and bandwidth usage as well as various other network parameters like memory and CPU usages, providing system administrators with live readings and periodical usage trends to optimize the efficiency, layout and setup of leased lines, routers, firewalls, servers and other Simple Network Management Protocol (SNMP) enabled network components.

PRTG Example

CONT…

 Webalizer –

The Webalizer

is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.

CONT…

   WebTrafMon – Web-based network traffic monitoring and analysis system. – – Displays a list of hosts that are currently using the network and reports information concerning the IP(Internet Protocol) traffic generated and exchanged by each host. Limitations….

Can not Monitor and analyze the Fast Ethernet and Gigabit Ethernet Can not Analyze large log files

Bandwidth measurement services

            http://www.2wire.com/?p=154 http://www.speakeasy.net/speedtest/http://www.ookla.com/s peedtest/ http://reviews.cnet.com/7004-7254_70.html?tag=txt http://us.mcafee.com/root/speedometer/default.asp

http://www.zapp.ro/buy/speedmeter/ http://www.bandwidthplace.com/speedtest/ http://reviews-zdnet.com.com/Bandwidth_meter/7004 7254_16-0.html

http://bluefield.speedtest.frontiernet.net/ Bluefield WV http://bos.speakeasy.net

speed test Boston, speakeasy bandwidth http://box54.org/SpeedTest.html

Box 54 Server http://bugclub.org/BUGSpeed.html

Brevard Users Group server Speed Test http://chi.speakeasy.net

Chicago, speakeasy networked server speed test http://cookeville.speedtest.frontiernet.net/ Cookeville TN http://den.speakeasy.net

Denver, speakeasy bandwidth speeds http://dfw.speakeasy.net

Dallas, speakeasy bandwidth speeds http://download.enitel.no/speedtest/ Speed test - text download, Norway http://elkgrove.speedtest.frontiernet.net/ Elk Grove CA (Nice test site) http://gemal.dk/browserspy/bandwidth.html

How fast is your connection... BrowserSpy, http://home.austin.rr.com/bc/bandwidth.htm

RoadRunner of Austin, Texas http://home.broadpark.no/~tbjorgen 1/speedometer.html

Lars-Magnus Lier http://home.cfl.rr.com/bjp/test.htm

Brad's RoadRunner networked server speeds http://home.cfl.rr.com/cm3/speedtest7.htm

Corley's RoadRunner Test page http://home.cfl.rr.com/eaa/SpeedTest.htm

Eric's own RoadRunner Bandwidth Test http://homepage.tinet.ie/~leslie/testpage.htm

available. 2 tests  http://support.sbcglobal.net/dsl/speedtest/ http://us.mcafee.com/root/speedometer.asp

Mcafee's SpeedOmeter (resurrected) http://w1.970.telia.com/~u97007522/ Speed test, Located in northern Sweden http://web.bitnet.net/dimension/ (Sweden Borlange) http://web.bitnet.net/dimension/speedtest.htm

Sweden, bandwidth speedtest http://web.tampabay.rr.com/giis/50.htm

RoadRunner of Tampa Bay, FL http://webservices.cnet.com/Bandwidth/?tag=tm CNET's test. http://www.2wire.com/meter/bm.html

2Wire Bandwidth Meter. http://www.2wire.com/meter/bmresult.html?kbps=1863 2Wire Bandwidth Meter. http://www.aitsoft.com/Services/speedtest.asp

AIT - Services -- Speed Test http://www.alken.nl/ Online Speedtest etc. http://www.aroundcinci.com/speedtest/ speedtest home of Cincinati, Ohio http://www.austin.rr.com/speedtest/speed.asp

RoadRunner home of Austin, Texas http://www.bandwidthplace.com/speedtest/ Bandwidth Place Welcome! http://www.beelinebandwidthtest.com/ Beeline Bandwidth Test, Amsterdam http://www.cable modem.net/features/oct99/speed.html

bandwidth speedtest http://www.computers4sure.com/speed.asp?iid=154 By mhmd, 4SURE.com bandwidth http://www.dagbladet.no/dinside/baandbredde/start.html

Norway http://www.donspage.com/dsltest/speedtest.html

online services bandwidth speed test http://www.dslreports.com/stest?loc=1 DSL Reports in Megapath, CA

Cont…

 http://www.eaglepro.net/bandwith/ Sweden bandwidth speed test http://www.ececs.uc.edu/~annexste/speed.html

internet performance speedtest http://www.ececs.uc.edu/~annexste/speed100.html

University of Cincinnati http://www.elkindustries.com/SpeedTest.htm

Elk Industries Server Test http://www.info-techs.com/speedtest.html

Information Technologies http://www.info techs.com/speedtest50.html

Lakeview Terrace, CA http://www.info-techs.com/speedtest500.html

Lakeview Terrace, CA http://www.intercom.net/xpeedometer/xpeedometer.htm

http://www.itcom.itd.umich.edu/adsl/speedtest.html

broadband connection test http://www.midsouth.rr.com/speed.asp

RoadRunner of the Mid-South Speed Test http://www.mordax.nl/ Netherlands internet speedtest http://www.numion.com/YourSpeed/Checkup.php?L=br connection performance http://www.numion.com/YourSpeed/Checkup.php?L=tw United Kingdom http://www.pcpitstop.com/internet/Bandwidth.asp

speed test page for Fort Wayne,IN http://www.pcpitstop.com/internet/default.asp

Internet Connection Center http://www.satx.rr.com/support/speedtest/ PC Pitstop's RoadRunner Speed Tests http://www.speedsuite.net/speedsuite/ Networked Speed test, Amsterdam http://www.speedtest.nl/ Netherlands http://www.squigly.com/performance/ cable speeds near Toronto, Canada http://www.summitcomputer.net/speedtest/unlisted/speedtes t500.asp http://www.testmy.net/ Bandwidth Speed Test & Broadband Forum-Chat http://www.zensupport.co.uk/speedtest/ http://speed.kify.com/ Zen's Web test         http://speedtest.csloxinfo.com/ www.adslthailand.com/bandwidthmeter/initialmeter.php

http://wow.asianet.co.th/speedtest.php

http://203.147.12.250/bwtest/initialmeter.php

http://bandwidth.west.cat.net.th/meter.php

http://media.thai2learn.com/meter/initialmeter.php

http://www.ine.co.th/support/speed/meter.php

http://wow.trueinternet.co.th/speedtest.php

Setting up Ntop

  Download Ntop Using a tar ball tar xpfz ntop-3.0-4.tar.gz

./configure make make install  http://rpm.pbone.net

 Installing with RPM is also easy. The package name may vary, but you simply use the command: rpm –uvh ntop-3.0-4mdk.i586.rpm

  Run ntop (service ntop start) Go to a web browser type http://localhost:3000

Setting up MRTG

  Net-snmp Mrtg  Snmpd.conf

# define RO community rocommunity bow rwcommunity bow #First Map the community name “bow" into a "security name“ # sec.name source community com2sec oaunet default bow # Second, map the security name into a group name: # group groupName securityModel securityName oaugroup v1 oaunet group oaugroup v2c oaunet

Snmpd.conf cont…

# Third, create a view for us to let the group have rights to: # name incl/excl subtree mask(optional) #view systemview included system view all included .1 80 # Finally, grant the group read-only access to the systemview view.

# group context sec.model sec.level prefix read write notif access notConfigGroup "" any noauth exact systemview none none

Sample snmpd.conf file

rocommunity bow com2sec local localhost com2sec mynetwork 10.105.1.0/24 bow bow group myRwgroup any local group myRogroup any mynetwork view all included .1 80 access myRogroup "" any noauth all none none access myRwgroup "" any noauth all all all

Start your Snmp server and test it

 # chkconfig snmpd on   Start the service snmpd (#service snmpd start) Run snmpwalk utility to request for a tree of info about network entity (query snmp server for your IP address assigned to etho, eth1, lo)  #snmpwalk -c bow -v 1 localhost

Install mrtg

 Installing with RPM is also easy. The package name may vary, but you simply use the command: rpm –Uvh mrtg-2.10.5-3mdk Create a work directory mkdir /var/www/mrtg chmod 755 /var/www/mrtg Create the mrtg configuration file # cfgmaker --global "WorkDir: /var/www/mrtg" \ --global "Options[_]: growright,bits" \ --ifref=ip \ bow@localhost > mrtg.cfg

Run mrtg using the Configuration file

  #mrtg /var/www/mrtg/mrtg.cfg

Note: You may get few warning message for first time; ignore them. Run mrtg about 3 times  View the graph using a browser – file//mrtg

THANK YOU